Ajax brings a new generation of Web viruses

Obviously, with the popularity of Ajax, everything seems very calm, although everyone knows it will not continue. Just as with the advent of smartphones, mobile phone viruses have become increasingly popular. Ajax obviously brings a lot of capabilities to Web browsers. Of course, the virus will certainly not let this opportunity go, but it is just a matter of time.

An article sparked an uproar on the internet, JavaScript worm targets Yahoo !. This article describes the last time Yahoo Mail received a virus attack.

For more detailed information, you can use security-yamanner worm hits Yahoo Mail. Although this is only a beta version of Yahoo Mail System, it seems attractive due to its Ajax background.

The above is a complete explanation, and even the virus shocked Symantec. Symantec responded to the virus. For details, see Js. yamanner @ M. You can see the whole process of virus running.

Of course, there are also code, if you are very sensitive to the code. But I didn't see it, so I was dizzy when I opened it. : P

Eric, well-known, also responded to the issue and sent a message titled "Will Ajax get another bad rap" on his blog? Yahoo worm.

Yes. Since the advent of Ajax, although its own development has been booming, it has always been a matter of doubt. I am afraid that some people will come up with the weakness of Ajax.

In fact, any developer involved in the Ajax tide should understand that everything has two sides. When the powerful combination of xhr and JavaScript gives more functions to the client, there are always some inharmonious things involved. The problem is that the browser will not differentiate js code in the webpage for you. For it, as long as it is the webpage, it will be treated equally. Therefore, if we do not control it, there will always be risks.

As Eric mentioned, you must check user input. Sometimes, even if it is not a user input or a server from a distance, you must come up with a policy for verification. You cannot assume that all of this is running in a closed and stable environment, unless your system is undesirable and of little use.

The problem is that this is not the first time. The security of JavaScript code is not unknown, but because of the limitations of the scale and importance of the previous application, no one pays attention to it. In fact, what Ajax does is simply to increase the amount and importance of JavaScript code.

In Eric's words, even Yahoo can be planted here, and we have to weigh our own components.

Related connections include:

1, Web 2.0 worm downs MySpace

2, Kama Sutra worm crashes malware chart

3, Download. ject-style worm spreads via IM